Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DyHpu-x8guA02cBkLhGfPP-K7TE.roa
File:                     DyHpu-x8guA02cBkLhGfPP-K7TE.roa (raw, json)
Hash identifier:          7QSawUqfPF05qyXrzg7qcZ0fHVVtqJGCxLXOkW3b3nE=
Subject key identifier:   0F:21:E9:BB:EC:7C:82:E0:34:D9:C0:64:2E:11:9F:3C:FF:8A:ED:31
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FF32FBF0992144ED7289F6A07453
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DyHpu-x8guA02cBkLhGfPP-K7TE.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198590
IP address blocks:        2a12:bec0:330::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ff:32:fb:f0:99:21:44:ed:72:89:f6:a0:74:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f21e9bbec7c82e034d9c0642e119f3cff8aed31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:76:4a:6e:2c:54:5f:ca:35:19:2b:5c:06:db:
                    52:f5:fc:c6:0e:fa:4e:4f:35:10:7a:ed:1e:10:27:
                    35:13:5c:ed:39:b6:19:90:f6:f9:40:e8:79:7c:f1:
                    6c:2c:53:6e:28:40:a8:47:86:6a:b4:c5:da:8d:59:
                    c5:1c:df:2f:97:d1:ed:7d:55:87:58:0e:0b:8e:98:
                    70:8a:52:a3:86:12:15:6f:17:4f:2a:e0:f6:4d:a9:
                    ef:6f:4f:03:0c:e4:d3:d2:7c:50:33:98:d4:b4:2b:
                    16:b5:ae:24:3c:24:ce:dd:e0:78:33:70:56:5e:6b:
                    7a:5a:7a:df:95:11:5c:15:2f:ff:63:f1:b0:6e:be:
                    70:a6:e7:a2:0f:59:ee:83:6c:ad:06:c0:96:1a:9c:
                    29:51:e9:a1:60:7b:46:e1:5c:93:81:96:87:53:fa:
                    bb:06:0d:95:79:eb:f9:88:3c:33:d5:9a:24:a1:b5:
                    76:75:de:71:ab:8d:bd:94:22:b9:1b:3f:d6:8a:40:
                    aa:32:f2:2e:20:e0:b7:38:e3:df:ab:4a:dc:6b:a1:
                    94:b2:a5:0c:db:2f:45:08:c0:85:8b:0e:16:1d:31:
                    53:62:fd:6d:e4:d6:17:8e:bb:ef:20:d7:05:83:e2:
                    41:76:ac:03:9f:f0:11:9b:0c:69:e6:d0:22:a9:08:
                    9c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:21:E9:BB:EC:7C:82:E0:34:D9:C0:64:2E:11:9F:3C:FF:8A:ED:31
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DyHpu-x8guA02cBkLhGfPP-K7TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:330::/44

    Signature Algorithm: sha256WithRSAEncryption
         b2:8d:b2:dc:da:f8:f3:1b:72:4c:bf:79:03:35:0a:22:4c:d2:
         4e:37:4f:87:a5:0b:89:d0:9c:80:ec:11:30:2a:79:26:f1:78:
         5f:af:a8:b4:4f:14:2f:2c:9c:c3:b9:aa:54:62:7c:2d:f0:a2:
         a8:63:11:60:fc:87:46:36:5e:82:7b:03:7d:63:62:64:cb:65:
         3e:73:32:41:ff:28:33:cc:1c:e3:f7:96:41:c2:aa:cc:3d:d5:
         f5:ae:87:63:61:bb:cc:0c:72:cf:e8:2a:9b:19:eb:b4:ac:e5:
         e4:21:00:ee:b8:31:68:2b:ad:34:3c:d7:58:e4:45:07:b3:8d:
         a5:a4:f9:41:b2:b0:ae:49:20:7b:cf:25:52:cb:59:e8:7f:62:
         6f:b2:46:f7:7a:61:73:5e:54:9d:85:15:19:6d:e8:8d:ea:12:
         b1:35:23:c1:17:76:53:60:6a:bd:3c:3f:dc:e3:57:23:7a:a2:
         33:14:6c:66:08:cc:4f:d8:29:40:c9:3e:f4:19:0a:00:18:48:
         01:3c:84:d9:42:43:36:27:f6:ee:13:71:ee:a8:ca:c6:71:e1:
         d6:40:d7:ba:b5:ec:ec:c7:86:92:77:d0:fc:7a:2e:7a:c3:83:
         93:75:cd:9c:3f:23:68:29:86:6d:f3:06:99:9a:41:5c:03:73:
         32:a2:b9:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSf8y+/CZIUTtcon2oHRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIxZTliYmVjN2M4MmUwMzRkOWMwNjQyZTExOWYzY2ZmOGFlZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXZKbixUX8o1GStcBttS9fzGDvpO
TzUQeu0eECc1E1ztObYZkPb5QOh5fPFsLFNuKECoR4ZqtMXajVnFHN8vl9HtfVWH
WA4LjphwilKjhhIVbxdPKuD2Tanvb08DDOTT0nxQM5jUtCsWta4kPCTO3eB4M3BW
Xmt6WnrflRFcFS//Y/Gwbr5wpueiD1nug2ytBsCWGpwpUemhYHtG4VyTgZaHU/q7
Bg2Veev5iDwz1ZokobV2dd5xq429lCK5Gz/WikCqMvIuIOC3OOPfq0rca6GUsqUM
2y9FCMCFiw4WHTFTYv1t5NYXjrvvINcFg+JBdqwDn/ARmwxp5tAiqQic2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA8h6bvsfILgNNnAZC4Rnzz/iu0xMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRHlIcHUteDhndUEwMmNCa0xoR2ZQUC1LN1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAMw
MA0GCSqGSIb3DQEBCwUAA4IBAQCyjbLc2vjzG3JMv3kDNQoiTNJON0+HpQuJ0JyA
7BEwKnkm8Xhfr6i0TxQvLJzDuapUYnwt8KKoYxFg/IdGNl6CewN9Y2Jky2U+czJB
/ygzzBzj95ZBwqrMPdX1rodjYbvMDHLP6CqbGeu0rOXkIQDuuDFoK600PNdY5EUH
s42lpPlBsrCuSSB7zyVSy1nof2Jvskb3emFzXlSdhRUZbeiN6hKxNSPBF3ZTYGq9
PD/c41cjeqIzFGxmCMxP2ClAyT70GQoAGEgBPITZQkM2J/buE3HuqMrGceHWQNe6
tezsx4aSd9D8ei56w4OTdc2cPyNoKYZt8waZmkFcA3MyormZ
-----END CERTIFICATE-----